Authentication Vs Authorization

“Authenticating users” means determining a user really is who he or she says (verifying the identity of a user). This is often done using a shared secret such as a password.

“Authorizing users” means granting or restricting access to a specific user who has identified himself or herself. For example, clients in an administrative role are often granted more access than clients in a role as simple users.

No comments: